Every day for the past seven years, a group of researchers has meticulously scanned the entire Internet, looking for patterns and anomalies and building a comprehensive Internet map used for threat hunting.
Censys’ research team works extensively with federal agencies, but doesn’t always receive much public attention for its highly detailed work, said Matt Lembright, Censys director of federal applications, during a recent MeriTalking podcast.
Yet in its 2023 State of the Internet report, Censys identified more than 8,000 Internet servers hosting potentially sensitive information, including possible credentials, database backups and configuration files, Lembright said during the episode. Lembright, a cybersecurity expert and former US Army intelligence officer, said the public and people in the computer field would do well to pay attention to the findings.
“It might not get the headlines that things like vulnerabilities and zero days might get, but exposures of misconfigurations that people apparently aren’t aware of, or at least may have forgotten about, is still a huge, huge problem,” he said. The 2020 SolarWinds hack, which compromised nine federal networks, was attributed by the Texas-based software company to a misconfigured password.
“It hasn’t really been difficult for our researchers to find these things, which is extremely concerning,” Lembright said. “Our assessment was easy enough for a threat actor to arm that it is much easier to break into an open door than it is to try to pick a lock or open a door.”
Lembright also expressed concern about Censys research findings that critical infrastructure, a top priority for the Cybersecurity & Infrastructure Security Agency, remains at risk. “We look at the policy infrastructure a little bit and look at things like operating technology protocols and software, and we see the same thing,” he said.
“We see water treatment plants and gas stations and all sorts of different types of possibly critical infrastructure that doesn’t require a complicated phishing campaign (to attack). If there’s an open door, they don’t need to sneak in.”
Censys’ Internet report, released in April, focused in part on HTTP, or Hypertext Transfer Protocol, which encompasses various services running on the Internet, including web servers, load balancers, and web-based application programming interfaces. The research found that about 18% of all services running HTTP on the Internet were hosted in one of the four major cloud service providers: Amazon Web Services, Oracle Cloud, Google Cloud or Microsoft Azure.
The dominance of major third-party vendors has reinforced that cloud consumers should take some ownership of cloud security. “I think of cloud providers as storage drives. They have basic security around the perimeter of their property. But at the end of the day, when you get to your locker, that’s your responsibility. Is your data still in that cloud,” he said.
Lembright, a longtime weather enthusiast, likened the work of Censys researchers to meteorology. While predicting the weather will never be an exact science, he said it has improved dramatically over time because the more sensors you have, the more accurate they are, and the more you can leverage that data at scale, the more accurate those predictions will be.
Similarly, Censys has expanded and accelerated its global scanning and made other changes that improve its ability to understand the Internet.
“You’ll never get to that perfect prediction,” Lembright added, “but the more we can understand these patterns, I think we can begin to piece together not just what the internet used to look like, but why it’s important to look at the internet and what it means for our daily lives.”